Merge branch 'master' into copilot/fix-3550

Signed-off-by: Paul Johnston <[email protected]>

Author: pjohnst5

.github/dependabot.yaml

@@ -5,8 +5,6 @@ updates:
   directory: "/"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "ci"
   labels: [ "ci", "dependencies" ]
@@ -15,8 +13,6 @@ updates:
   directory: "/"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "ci"
   labels: [ "ci", "dependencies" ]
@@ -25,8 +21,6 @@ updates:
   directory: "/"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
   labels: [ "dependencies" ]
@@ -35,8 +29,6 @@ updates:
   directory: "/azure-ipam"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
   labels: [ "dependencies", "azure-ipam" ]
@@ -45,8 +37,6 @@ updates:
   directory: "/build/tools"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
   labels: [ "dependencies" ]
@@ -71,8 +61,6 @@ updates:
   directory: "/"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
   labels: [ "dependencies", "release/1.5" ]
@@ -82,8 +70,6 @@ updates:
   directory: "/azure-ipam"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
   labels: [ "dependencies", "azure-ipam", "release/1.5" ]
@@ -93,8 +79,6 @@ updates:
   directory: "/"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
   labels: [ "dependencies", "release/1.4" ]
@@ -104,8 +88,6 @@ updates:
   directory: "/azure-ipam"
   schedule:
     interval: "daily"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
   labels: [ "dependencies", "azure-ipam", "release/1.4" ]

.golangci.yml

@@ -9,11 +9,8 @@ linters:
   - format
   - performance
   - unused
-  disable:
-  - maligned
-  - scopelint
   enable:
-  - exportloopref
+  - copyloopvar
   - goconst
   - gocritic
   - gocyclo

.pipelines/build/binaries.jobs.yaml

@@ -43,3 +43,37 @@ jobs:
           target: $(name)
           os: $(OS)
           arch: $(ARCH)
+
+
+  - ${{ elseif and(eq(job_data.templateContext.action, 'sign'), job_data.templateContext.isOfficial) }}:
+    - job: sign_${{ job_data.job }}
+      displayName: "Sign Binary - ${{ job_data.displayName }} -"
+      strategy: ${{ job_data.strategy }}
+      pool:
+        ${{ if eq(job_data.job, 'windows_amd64') }}:
+          type: windows
+        ${{ else }}:
+          type: linux
+      variables:
+        ob_outputDirectory: $(Build.SourcesDirectory)
+        ob_artifactSuffix: _$(artifact)
+        ob_git_checkout: false
+      steps:
+      - task: DownloadPipelineArtifact@2
+        inputs:
+          targetPath: $(Build.SourcesDirectory)
+          artifact: '${{ job_data.templateContext.repositoryArtifact }}'
+
+      - task: ExtractFiles@1
+        inputs:
+          archiveFilePatterns: '**/*.?(tgz|tgz.gz|zip)'
+          destinationFolder: $(Build.SourcesDirectory)
+          cleanDestinationFolder: false
+          overwriteExistingFiles: true
+
+      - task: onebranch.pipeline.signing@1
+        inputs:
+          command: 'sign'
+          signing_profile: 'external_distribution'
+          files_to_sign: '**/*'
+          search_root: $(Build.SourcesDirectory)

.pipelines/build/dockerfiles/azure-ipam.Dockerfile

@@ -0,0 +1,16 @@
+ARG ARCH
+
+
+# skopeo inspect docker://mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 --format "{{.Name}}@{{.Digest}}"
+FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as windows
+ARG ARTIFACT_DIR .
+
+COPY ${ARTIFACT_DIR}/bin/dropgz.exe /dropgz.exe
+ENTRYPOINT [ "/dropgz.exe" ]
+
+
+FROM scratch AS linux
+ARG ARTIFACT_DIR .
+
+COPY ${ARTIFACT_DIR}/bin/dropgz /dropgz
+ENTRYPOINT [ "/dropgz" ]

.pipelines/build/dockerfiles/cni.Dockerfile

@@ -0,0 +1,16 @@
+ARG ARCH
+
+
+# skopeo inspect docker://mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 --format "{{.Name}}@{{.Digest}}"
+FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as windows
+ARG ARTIFACT_DIR .
+
+COPY ${ARTIFACT_DIR}/bin/dropgz.exe /dropgz.exe
+ENTRYPOINT [ "/dropgz.exe" ]
+
+
+FROM scratch AS linux
+ARG ARTIFACT_DIR .
+
+COPY ${ARTIFACT_DIR}/bin/dropgz /dropgz
+ENTRYPOINT [ "/dropgz" ]

.pipelines/build/dockerfiles/cns.Dockerfile

@@ -0,0 +1,28 @@
+ARG ARCH
+
+
+# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
+FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b AS windows
+ARG ARTIFACT_DIR .
+
+COPY ${ARTIFACT_DIR}/files/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
+COPY ${ARTIFACT_DIR}/scripts/setkubeconfigpath.ps1 setkubeconfigpath.ps1
+COPY ${ARTIFACT_DIR}/bin/azure-cns.exe /azure-cns.exe
+ENTRYPOINT ["azure-cns.exe"]
+EXPOSE 10090
+
+
+# mcr.microsoft.com/cbl-mariner/base/core:2.0
+# skopeo inspect docker://mcr.microsoft.com/cbl-mariner/base/core:2.0 --format "{{.Name}}@{{.Digest}}"
+FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core@sha256:961bfedbbbdc0da51bc664f51d959da292eced1ad46c3bf674aba43b9be8c703 AS build-helper
+RUN tdnf install -y iptables
+
+# mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/distroless/minimal@sha256:7778a86d86947d5f64c1280a7ee0cf36c6c6d76b5749dd782fbcc14f113961bf AS linux
+ARG ARTIFACT_DIR .
+
+COPY --from=build-helper /usr/sbin/*tables* /usr/sbin/
+COPY --from=build-helper /usr/lib /usr/lib
+COPY ${ARTIFACT_DIR}/bin/azure-cns /usr/local/bin/azure-cns
+ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
+EXPOSE 10090

.pipelines/build/dockerfiles/ipv6-hp-bpf.Dockerfile

@@ -0,0 +1,10 @@
+ARG ARCH
+
+
+FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/distroless/minimal:3.0 AS linux
+ARG ARTIFACT_DIR
+COPY ${ARTIFACT_DIR}/lib/* /lib
+COPY ${ARTIFACT_DIR}/bin/ipv6-hp-bpf /ipv6-hp-bpf
+COPY ${ARTIFACT_DIR}/bin/nft /usr/sbin/nft
+COPY ${ARTIFACT_DIR}/bin/ip /sbin/ip
+CMD ["/ipv6-hp-bpf"]

.pipelines/build/dockerfiles/npm.Dockerfile

@@ -0,0 +1,29 @@
+ARG ARCH
+
+
+# intermediate for win-ltsc2022
+FROM --platform=windows/${ARCH} mcr.microsoft.com/windows/servercore@sha256:45952938708fbde6ec0b5b94de68bcdec3f8c838be018536b1e9e5bd95e6b943 as windows
+ARG ARTIFACT_DIR
+
+COPY ${ARTIFACT_DIR}/files/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
+COPY ${ARTIFACT_DIR}/scripts/setkubeconfigpath.ps1 setkubeconfigpath.ps1
+COPY ${ARTIFACT_DIR}/scripts/setkubeconfigpath-capz.ps1 setkubeconfigpath-capz.ps1
+COPY ${ARTIFACT_DIR}/bin/azure-npm.exe npm.exe
+
+CMD ["npm.exe", "start" "--kubeconfig=.\\kubeconfig"]
+
+
+FROM --platform=linux/${ARCH} mcr.microsoft.com/mirror/docker/library/ubuntu:24.04 as linux
+ARG ARTIFACT_DIR
+
+RUN apt-get update && apt-get install -y iptables ipset ca-certificates && apt-get autoremove -y && apt-get clean
+#RUN apt-get update && \
+#    apt-get install -y \
+#      linux-libc-dev \
+#      libc6-dev \
+#      libtasn1-6 \
+#      gnutls30 iptables ipset ca-certificates
+#RUN apt-get autoremove -y && apt-get clean
+
+COPY ${ARTIFACT_DIR}/bin/azure-npm /usr/bin/azure-npm
+ENTRYPOINT ["/usr/bin/azure-npm", "start"]

.pipelines/build/generate-manifest.steps.yaml

@@ -10,7 +10,7 @@ steps:
     MANIFEST_DATA=$(echo "$IMAGE_PLATFORM_DATA" | \
       jq -r '.[] | 
         .args = [ (.platform | split("/")[0]), (.platform     | split("/")[1]) ] | 
-        .args = [ ("--os "   + .args[0]     ), ("--arch " + .args[1]     ) ] | 
+        .args = [ ("--os "   + .args[0]     ), ("--arch "     + .args[1]     ) ] | 
         if .osVersion then .args += ["--os-version " + .osVersion] else . end    |
         { image: .imageReference, annotate: .args }' | \
       jq -rcs)

.pipelines/build/image.steps.yaml

@@ -15,10 +15,6 @@ parameters:
   type: string
   default: ""
 
-- name: dockerfile_path
-  type: string
-  default: ""
-
 - name: archive_file
   type: string
   default: '$(name)-$(os)-$(platform)-$(Tag)'
@@ -50,8 +46,8 @@ parameters:
 steps:
 - task: DownloadPipelineArtifact@2
   inputs:
-    targetPath: $(Build.SourcesDirectory)/dst/${{ parameters.source }}
-    artifact: '${{ parameters.source }}'
+    targetPath: $(Build.SourcesDirectory)/dst/artifacts
+    artifact: ${{ parameters.source }}
 
 - task: onebranch.pipeline.containercontrol@1
   displayName: "Login to ACR"
@@ -70,14 +66,13 @@ steps:
     repositoryName: $(os)-$(arch)/${{ parameters.name }}
     os: '${{ parameters.os }}'
     buildkit: 1
-    dockerFileRelPath: ${{ parameters.dockerfile_path }}/Dockerfile
-    dockerFileContextPath: ${{ parameters.source }}
+    dockerFileRelPath: artifacts/Dockerfile
     enable_network: true
     enable_pull: true
     build_tag: ${{ parameters.build_tag }}
     enable_acr_push: true
-
     saveImageToPath: images/$(os)-$(arch)/${{ parameters.archive_file }}.tar.gz
+    enabled_cache: false
     #compress: true
     #saveMetadataToPath: images/$(os)-$(arch)/metadata/${{ parameters.archive_file }}-metadata.json
     #enable_isolated_acr_push: true